CVE-2011-3869: Puppet arbitrary file overwrite
6.3
CVSS Score
Basic Information
CVE ID
GHSA ID
EPSS Score
0.12124%
CWE
Published
5/14/2022
Updated
1/19/2024
KEV Status
No
Technology
Ruby
Technical Details
CVSS Vector
AV:L/AC:M/Au:N/C:N/I:C/A:C
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
puppet | rubygems | < 2.6.11 | 2.6.11 |
puppet | rubygems | >= 2.7.0, < 2.7.5 | 2.7.5 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from the insecure file write operation in the k5login type. The GitHub patch explicitly replaces File.open
with Puppet::Util.secure_open
in the write
method of k5login.rb
, indicating this was the vulnerable code path. The original File.open
call lacked symlink safety checks, enabling TOCTOU attacks. The commit message and CWE-59 context confirm this is a classic symlink race condition vulnerability.